Presentation is loading. Please wait.

Presentation is loading. Please wait.

PV204 Security technologies LABS

Published byAmbrose Singleton Modified over 6 years ago

Similar presentations

Presentation on theme: "PV204 Security technologies LABS"— Presentation transcript:

1 PV204 Security technologies LABS
Introduction to smart cards Petr Švenda Faculty of Informatics, Masaryk University

2 The masterplan for this lab
Secure channel and smartcard communication Building Secure Channel protocol (together) simple protocol  design attack  fix it  iterate Communicate with smart card (GPPro tool) ATR, basic info, CPLC Communicate with card programmatically Java java.smartcardio.* or C/C++ PC/SC API CPLC data Obtain list of supported instructions from unknown card | PV204: Introduction to smart cards

3 1. Building Secure Channel protocol
Scenario: we like to transfer extrasupersensitive data between PC and smartcard Simple protocol  design attack  fix it  iterate Participate in discussion (Steps and solution will be published after the labs in IS) | PV204: Introduction to smart cards

4 2. Communicate with smart card (GPPro)
Contact PC/SC readers + cards GlobalPlatformPro tool Basic smart card commands, sending APDUs Management of GlobalPlatform cards (JavaCard) Type gp --help for all functionality We will use basic functionality now, rest next week | PV204: Introduction to smart cards

5 gp --info Obtain information about smart card
Obtain ATR (Answer To Reset) Parse using Who is probable manufacturer of card? What is probable OS environment for this card? Is it JavaCard? What is card’s circuit serial number? When was card produced? | PV204: Introduction to smart cards

6 gp --apdu APDU_in_hexa --debug
Send APDU command from command line Try gp --info --debug Can you spot APDU command to obtain CPLC info? Send get CPLC APDU separately gp --apdu 80CA9F7F --debug Can you relate card’s response data and gp --info? What is response status word? | PV204: Introduction to smart cards

7 3. Communicate with card programmatically
SimpleAPDU project (IS, NetBeans) Uses Java’s javax.smartcardio.* API CardMngr.java – utility functions for card communication Obtain list of available readers List readers = TerminalFactory.getDefault().terminals().list(); Connect to card CardTerminal.isCardPresent(), CardTerminal.connect(“*”); Obtain ATR: Card.getATR().getBytes() Send APDU: ResponseAPDU resp = CardChannel.transmit(apdu) | PV204: Introduction to smart cards

8 3. Communicate with card programmatically
Try to send get CPLC command Pre-prepared in GetCPLCData() method Necessary to set proper APDU Parse response buffer Can you relate card’s response data and gp --info? What is value of response status word? | PV204: Introduction to smart cards

9 Supported commands Card responds to some APDU commands
Generic ones (e.g., get CPLC data) Custom ones (what card’s owner wants) Usually CLA/INS/P1 only (P2 sometimes) How to get list of commands supported by a card? Look into documentation / standard (e.g., SIM commands) Try to probe card (limited number of possible commands) Be careful – many failed attempts may block your card! | PV204: Introduction to smart cards

10 Obtain list of supported commands
Write code that will try all combination if CLA/INS Observe response codes Make list of CLA/INS which returns interesting code Analyse with curiosity! | PV204: Introduction to smart cards

Download ppt "PV204 Security technologies LABS"

Similar presentations

1 Java Card Technology Prepared by:Ali Toyserkani Adopted from: Introduction to Java Card Technology C. Enrique Ortiz.

1 Java Card Technology Prepared by:Ali Toyserkani Adopted from: Introduction to Java Card Technology C. Enrique Ortiz.
1 Dynamic DNS. 2 Module - Dynamic DNS ♦ Overview The domain names and IP addresses of hosts and the devices may change for many reasons. This module focuses.

1 Dynamic DNS. 2 Module - Dynamic DNS ♦ Overview The domain names and IP addresses of hosts and the devices may change for many reasons. This module focuses.
Annoucements  Next labs 9 and 10 are paired for everyone. So don’t miss the lab.  There is a review session for the quiz on Monday, November 4, at 8:00.

Annoucements  Next labs 9 and 10 are paired for everyone. So don’t miss the lab.  There is a review session for the quiz on Monday, November 4, at 8:00.
Design and Development of High Performance PC Based Logic Analyzer MSc Project by Rab Nawaz 2001-03-0030 Advisor: Dr. Shahid Masud.

Design and Development of High Performance PC Based Logic Analyzer MSc Project by Rab Nawaz Advisor: Dr. Shahid Masud.
Smartcard Evaluation TM8104 – IT Security Evaluation 2008-11-13Linda Ariani Gunawan.

Smartcard Evaluation TM8104 – IT Security Evaluation Linda Ariani Gunawan.
Masaryk U., Monet+ 8.3.2013 White-box attack resistant cryptography – mobility tickets Petr Švenda Masaryk University,

Masaryk U., Monet White-box attack resistant cryptography – mobility tickets Petr Švenda Masaryk University,
Fayoum University Faculty of Engineering Electrical Engineering Department E-voting system Using Smart Card Under the supervision Of: Dr. Magdy Amer.

Fayoum University Faculty of Engineering Electrical Engineering Department E-voting system Using Smart Card Under the supervision Of: Dr. Magdy Amer.
Smart Card 李開振, 許家碩 Department of Computer Science National Chiao Tung University.

Smart Card 李開振, 許家碩 Department of Computer Science National Chiao Tung University.
© 2009 Research In Motion Limited Advanced Java Application Development for the BlackBerry Smartphone Trainer name Date.

© 2009 Research In Motion Limited Advanced Java Application Development for the BlackBerry Smartphone Trainer name Date.
Global Platform Presentation C:\Path - filename - san - 23.10.02 - page 1 Open Platform on Java Card Introduction by Ingeborg Sandow.

Global Platform Presentation C:\Path - filename - san page 1 Open Platform on Java Card Introduction by Ingeborg Sandow.
P3 - prepare a computer for installation/upgrade By Ridjauhn Ryan.

P3 - prepare a computer for installation/upgrade By Ridjauhn Ryan.
Slide 1 Project 1 Task 2 T&N3311 PJ1 Information & Communications Technology HD in Telecommunications and Networking Task 2 Briefing The Design of a Computer.

Slide 1 Project 1 Task 2 T&N3311 PJ1 Information & Communications Technology HD in Telecommunications and Networking Task 2 Briefing The Design of a Computer.
Group # 3 Week 10. Progress so far ► Writing the progress report. ► Writing and edit code to send and receive SMS messages ► Writing code in VB to interprets.

Group # 3 Week 10. Progress so far ► Writing the progress report. ► Writing and edit code to send and receive SMS messages ► Writing code in VB to interprets.
Introduction Architecture Hardware Software Application Security Logical Attack Physical Attack Side channel Attack.

Introduction Architecture Hardware Software Application Security Logical Attack Physical Attack Side channel Attack.
JAVA CARD Presented by: MAYA RAJ U C A S,PATHANAMTHITTA.

JAVA CARD Presented by: MAYA RAJ U C A S,PATHANAMTHITTA.
Masaryk U. – related research, interest Laboratory of security and applied cryptography Lab head: Vashek Matyáš Petr Švenda

Masaryk U. – related research, interest Laboratory of security and applied cryptography Lab head: Vashek Matyáš Petr Švenda
PV204 Security technologies Team projects Petr Švenda Faculty of Informatics, Masaryk University, Brno, CZ | PV204 - Security technologies.

PV204 Security technologies Team projects Petr Švenda Faculty of Informatics, Masaryk University, Brno, CZ | PV204 - Security technologies.
PV204 Security technologies Reverse engineering of binary applications Petr Švenda Faculty of Informatics, Masaryk University.

PV204 Security technologies Reverse engineering of binary applications Petr Švenda Faculty of Informatics, Masaryk University.
Host Identifier Revocation in HIP draft-irtf-hiprg-revocation-01 Dacheng Zhang IETF 79.

Host Identifier Revocation in HIP draft-irtf-hiprg-revocation-01 Dacheng Zhang IETF 79.
PV204 Security technologies Labs: Secure authentication and authorization Petr Švenda Faculty of Informatics, Masaryk.

PV204 Security technologies Labs: Secure authentication and authorization Petr Švenda Faculty of Informatics, Masaryk.

Similar presentations

Ads by Google